Data that resides on a computer can typically come under attack by individuals who wish to steal or modify the content in a number of different ways. One of the ways that data can be attacked is through the use of “rogue” software that can, for example, reside on the host computer. Typically, rogue software can attempt to access and manipulate the data when the data is stored on the computer (such as in local memory or on the hard disk), and/or “snoop” the data when it is transferred or moved about the computer to and from data destination or origination points such as devices that are connected to the computer.
One point of software attack can be the Universal Serial Bus (USB) that connects the computer to different devices such as a keyboard, mouse, speakers and the like. As some general background on USB, consider the discussion just below.
Universal Serial Bus (USB) is a standard peripheral interface for attaching personal computers to a wide variety of devices: e.g., digital telephone lines, monitors, modems, mice, printers, scanners, game controllers, keyboards, and other peripherals. In accordance with USB, all attached devices connect to a personal computer through a single connector type using a tiered-star topology. A host personal computer includes a single USB controller. The host controller provides the interface between the USB network and the host personal computer. The host controller controls all accesses to USB resources and monitors the bus's topology. A USB hub provides USB attachment points for USB devices.
A USB function is a collection of one or more interfaces on a USB device that perform a given task. A function may have one or more configurations, each of which defines the interfaces that make up the device. Each interface, in turn, is made up of one or more endpoints.
An endpoint is the ultimate source, or sink, of data. An endpoint pipe provides for the movement of data between USB and memory, and completes the path between the USB host and the function endpoint.
Each endpoint is an addressable entity on USB and is required to respond to IN and OUT tokens from the USB host (typically a PC). IN tokens indicate that the host has requested to receive information from an endpoint, and OUT tokens indicate that the host is about to send information to an endpoint.
On detection of an IN token addressed to an endpoint, the endpoint is responsible for responding with a data packet. If the endpoint is currently stalled, a STALL handshake packet is sent. If the endpoint is enabled, but no data is present, a negative acknowledgment (NAK) handshake packet is sent.
Similarly, on detection of an OUT token addressed to an endpoint, the endpoint is responsible for receiving a data packet sent by the host and storing it in a buffer. If the endpoint pipe is currently stalled, at the end of the data transmission, a STALL handshake packet is sent. If the endpoint pipe is currently disabled, at the end of the data transmission, no handshake packet is sent. If the endpoint pipe is enabled, but no buffer is present in which to store the data, a NAK handshake packet is sent. A disabled endpoint, or endpoints not currently mapped to an endpoint pipe, do not respond to IN, OUT, or SETUP tokens.
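As an added illustration, not code from the patent or from any USB stack, the following C model encodes the IN and OUT token responses just described for one device endpoint. The endpoint structure, the ACK handshake returned after an OUT packet is stored (standard USB behaviour that the text above does not spell out), and the scenario helper are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of one device endpoint's token handling, following the
 * IN/OUT cases described above; names and the ACK on a stored OUT packet are
 * this example's own, not the patent's. */
typedef enum { TOKEN_IN, TOKEN_OUT, TOKEN_SETUP } token_t;
typedef enum { EP_DISABLED, EP_ENABLED, EP_STALLED } ep_state_t;
typedef enum { RESP_NONE, RESP_DATA, RESP_ACK, RESP_NAK, RESP_STALL } response_t;

typedef struct {
    ep_state_t state;
    size_t tx_len;          /* bytes queued for the next IN token (0 = none) */
    int rx_free;            /* 1 while the receive buffer can take an OUT packet */
    uint8_t rx_buf[64];
    size_t rx_len;
} endpoint_t;

/* Decide the handshake for a token addressed to ep; an OUT packet is stored. */
response_t endpoint_handle(endpoint_t *ep, token_t tok,
                           const uint8_t *data, size_t len)
{
    if (ep->state == EP_DISABLED)          /* disabled: no response to any token */
        return RESP_NONE;
    switch (tok) {
    case TOKEN_IN:
        if (ep->state == EP_STALLED) return RESP_STALL;
        if (ep->tx_len == 0)         return RESP_NAK;   /* enabled, nothing to send */
        ep->tx_len = 0;                                  /* data packet sent to host */
        return RESP_DATA;
    case TOKEN_OUT:                 /* host's data packet precedes the handshake */
        if (ep->state == EP_STALLED) return RESP_STALL;
        if (!ep->rx_free || len > sizeof ep->rx_buf) return RESP_NAK;
        memcpy(ep->rx_buf, data, len);
        ep->rx_len = len;
        ep->rx_free = 0;             /* buffer holds data until firmware drains it */
        return RESP_ACK;
    default:                         /* SETUP handling is outside this example */
        return RESP_NONE;
    }
}

/* Helper for exercising one scenario: build an endpoint and feed it a token. */
response_t scenario(ep_state_t state, token_t tok, size_t queued, int rx_free)
{
    static const uint8_t pkt[4] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed packet */
    endpoint_t ep = { state, queued, rx_free, {0}, 0 };
    return endpoint_handle(&ep, tok, pkt, sizeof pkt);
}
```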
It is assumed that the reader has some understanding of the USB. For a more detailed understanding and appreciation, the reader should reference the USB specification which is a publicly-available document.
This invention arose out of concerns associated with providing methods and systems for protecting data from software attacks on the USB.